CVE-2025-54968

8.8 HIGH

📋 TL;DR

The SOCET GXP Job Service lacks authentication requirements, allowing unauthorized job submissions. Remote users can potentially submit jobs in certain configurations, while local users can execute jobs with other users' permissions. This affects all BAE SOCET GXP installations before version 4.6.0.2.

💻 Affected Systems

Products:
  • BAE SOCET GXP
Versions: All versions before 4.6.0.2
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default installations; remote exploitation depends on network configuration exposing the Job Service.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote attackers execute arbitrary code with elevated privileges, potentially gaining full system control and compromising sensitive geospatial data.

🟠 Likely Case

Local users escalate privileges by submitting jobs that run with other users' permissions, leading to unauthorized data access or system manipulation.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to authorized users within the secured environment.

🌐 Internet-Facing: MEDIUM - While the service may be internet-facing in some configurations, exploitation requires specific knowledge of the job submission interface.
🏢 Internal Only: HIGH - In internal networks, attackers can easily discover and exploit this vulnerability for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires understanding of SOCET GXP job submission protocols but no authentication is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.6.0.2

Vendor Advisory: https://www.geospatialexploitationproducts.com/content/socet-gxp/vulnerabilities-disclosure/#cve-2025-54968

Restart Required: Yes

Instructions:

1. Download SOCET GXP version 4.6.0.2 from BAE Systems.
2. Back up the current installation.
3. Run the installer with administrative privileges.
4. Restart all SOCET GXP services and systems.

🔧 Temporary Workarounds

Network Isolation

Platforms: all

Restrict access to SOCET GXP Job Service ports using firewall rules

# Windows: netsh advfirewall firewall add rule name="Block SOCET GXP" dir=in action=block protocol=TCP localport=<port>
# Linux: iptables -A INPUT -p tcp --dport <port> -j DROP

Service Disablement

Platforms: all

Temporarily disable the SOCET GXP Job Service if not required

# Windows: sc stop "SOCET GXP Job Service" && sc config "SOCET GXP Job Service" start= disabled
# Linux: systemctl stop socet-gxp-job && systemctl disable socet-gxp-job

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate SOCET GXP systems from untrusted networks
  • Enforce principle of least privilege for all user accounts accessing SOCET GXP systems

🔍 How to Verify

Check if Vulnerable:

Check the SOCET GXP version via Help > About in the application interface, or look up the installed program version in the system control panel. Versions before 4.6.0.2 are affected.

Check Version:

# Windows: reg query "HKLM\SOFTWARE\BAE Systems\SOCET GXP" /v Version
# Linux: cat /opt/socetgxp/version.txt

Verify Fix Applied:

Confirm version is 4.6.0.2 or later and test that Job Service now requires authentication for job submissions

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated connections to Job Service port
  • Job submissions from unexpected IP addresses or user accounts
  • Failed authentication attempts if logging is enabled

Network Indicators:

  • Unencrypted traffic to SOCET GXP Job Service ports (default varies by installation)
  • Job submission requests without authentication headers

SIEM Query:

source="socet-gxp.log" AND ((event="job_submission" AND user="anonymous") OR (event="connection" AND auth="none"))
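
The log indicators and SIEM query above, written out as a small offline log scanner. This is an added example, not code from the vendor or from this page: the `event`, `user` and `auth` fields come from the query, while the timestamp-plus-key=value log layout, the `src` field and the trusted subnet are assumptions.

```python
import ipaddress
import shlex

ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # assumption: trusted submitter subnet

# Constructed sample lines; the timestamp + key=value layout is an assumption.
SAMPLE_LOG = """\
2025-01-10T09:00:02Z event="job_submission" src=10.20.0.15 user="alice"
2025-01-10T09:03:11Z event="connection" src=10.20.0.77 auth="none"
2025-01-10T09:03:12Z event="job_submission" src=10.20.0.77 user="anonymous"
2025-01-10T09:05:40Z event="job_submission" src=192.0.2.44 user="bob"
2025-01-10T09:06:00Z event="heartbeat" src=10.20.0.15 auth="none"
"""

def parse_line(line):
    """Return a dict of fields (plus 'ts'), or None for blank/malformed lines."""
    try:
        tokens = shlex.split(line)  # also strips the quotes around values
    except ValueError:              # unbalanced quote
        return None
    if not tokens:
        return None
    return {"ts": tokens[0], **dict(t.split("=", 1) for t in tokens[1:] if "=" in t)}

def unexpected_source(src):
    """True when src is missing, unparsable, or outside ALLOWED_NETS."""
    try:
        addr = ipaddress.ip_address(src)
    except (TypeError, ValueError):
        return True
    return not any(addr in net for net in ALLOWED_NETS)

def classify(fields):
    """Reasons this event matches the page's log indicators (may be empty)."""
    event, reasons = fields.get("event"), []
    if event == "job_submission" and fields.get("user") == "anonymous":
        reasons.append("anonymous job submission")
    if event == "connection" and fields.get("auth") == "none":
        reasons.append("unauthenticated connection")
    if event == "job_submission" and unexpected_source(fields.get("src")):
        reasons.append("job submission from unexpected address")
    return reasons

def scan(text):
    """Return [(timestamp, reasons)] for every matching line in text."""
    parsed = filter(None, map(parse_line, text.splitlines()))
    return [(f["ts"], r) for f in parsed if (r := classify(f))]

if __name__ == "__main__":
    print("\n".join(f"{ts} {'; '.join(r)}" for ts, r in scan(SAMPLE_LOG)))
```

The `heartbeat` line carries `auth="none"` but is not reported, because each condition is tied to its event type, the same grouping the parenthesised query expresses.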
